Reputation: 18280
I'm starting to use Devise in my Rails app, but the Token Authenticatable module (signs in a user based on an authentication token, also known as "single access token") puzzles me.
Is the user authenticated only for his current session? If he now uses the URL containing the token, can he re-use it at a later time and still have access, or does he get a single access?
Can multiple users be authenticated at the same time, using the same token?
I have searched extensively for a working example; please forgive me if this is explained elsewhere. Any pointers would be more than welcome. Thanks for your help.
Upvotes: 39
Views: 15031
Reputation: 159135
The short answer is: it's up to you.
This module only provides a few helpers to help you manage the token, but it is up to you to choose how to use it. For example, if you want to have a new token every time the user saves his account, you can do the following:
    before_save :reset_authentication_token
On the other hand, if you want to generate a token unless one exists, you should use instead:
    before_save :ensure_authentication_token
If you want to delete the token after it is used, you can do so in the after_token_authentication callback.
See the documentation for this model at http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable.
Upvotes: 25
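The three token lifecycles named in the answer, compared by replaying the same token, as an added example that is not part of the original answer and is not Devise's code. It is plain Ruby with no Rails or Devise; the `TokenUser` class, the policy symbols and `replay_results` are hypothetical, and only the three method names are taken from the answer.

```ruby
require "securerandom"

# Hypothetical stand-in for a Devise model; models the token lifecycle only.
class TokenUser
  attr_reader :authentication_token

  def initialize(policy)
    @policy = policy # :ensure, :reset_on_save or :single_use
  end

  def reset_authentication_token
    @authentication_token = SecureRandom.urlsafe_base64(24)
  end

  def ensure_authentication_token
    reset_authentication_token if @authentication_token.nil?
  end

  # Stands in for the before_save hook chosen in the answer.
  def save
    @policy == :reset_on_save ? reset_authentication_token : ensure_authentication_token
    self
  end

  # Runs after a successful token sign-in; deleting here makes the token one-shot.
  def after_token_authentication
    @authentication_token = nil if @policy == :single_use
  end

  def authenticate(presented)
    stored = @authentication_token
    return false if stored.nil? || presented.nil? || stored.bytesize != presented.bytesize
    # Compare every byte so timing does not reveal where the first mismatch is.
    diff = stored.bytes.zip(presented.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }
    return false unless diff.zero?
    after_token_authentication
    true
  end
end

# Presents one token three times: first use, reuse (a later visit or a second
# client holding the same URL), and reuse after the account is saved again.
def replay_results(policy)
  user = TokenUser.new(policy).save
  token = user.authentication_token
  first = user.authenticate(token)
  reuse = user.authenticate(token)
  user.save
  [first, reuse, user.authenticate(token)]
end
```

With the `ensure` policy the token behaves like a long-lived bearer credential: anyone holding the URL is accepted until the token is reset, so only the delete-after-use variant gives a single access.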